From 1db6365e117f26e9f4e91130799458229746bb3e Mon Sep 17 00:00:00 2001 From: etaylormcgregor-stytch Date: Thu, 26 Sep 2024 08:55:53 -0400 Subject: [PATCH] Fix member session return type magic links (#218) * fix member session return type magic links * Revert "fix member session return type magic links" This reverts commit a1a781096d95a528bc45f1eb89005ccd29059e6b. * regenerate * bump minor version * remove patch number --- .../api/discovery_intermediate_sessions.py | 16 +++++-- stytch/b2b/api/discovery_organizations.py | 8 ++-- stytch/b2b/api/magic_links.py | 12 ++--- stytch/b2b/api/magic_links_email.py | 4 +- stytch/b2b/api/oauth.py | 18 ++++--- stytch/b2b/api/oauth_discovery.py | 4 +- stytch/b2b/api/organizations.py | 16 +++---- stytch/b2b/api/organizations_members.py | 28 +++++------ stytch/b2b/api/otp_sms.py | 8 ++-- stytch/b2b/api/passwords.py | 12 ++--- stytch/b2b/api/passwords_email.py | 47 +++++++++++++++++-- stytch/b2b/api/passwords_existing_password.py | 8 ++-- stytch/b2b/api/passwords_session.py | 4 +- stytch/b2b/api/recovery_codes.py | 12 ++--- stytch/b2b/api/sessions.py | 18 +++---- stytch/b2b/api/sso.py | 8 ++-- stytch/b2b/api/totps.py | 8 ++-- .../models/discovery_intermediate_sessions.py | 2 +- stytch/b2b/models/discovery_organizations.py | 2 +- stytch/b2b/models/magic_links.py | 4 +- stytch/b2b/models/oauth.py | 2 +- stytch/b2b/models/passwords_email.py | 6 +++ stytch/b2b/models/sessions.py | 2 +- stytch/b2b/models/sso.py | 27 ++++++++--- stytch/version.py | 2 +- 25 files changed, 176 insertions(+), 102 deletions(-) diff --git a/stytch/b2b/api/discovery_intermediate_sessions.py b/stytch/b2b/api/discovery_intermediate_sessions.py index 4b0358a..f04d76c 100644 --- a/stytch/b2b/api/discovery_intermediate_sessions.py +++ b/stytch/b2b/api/discovery_intermediate_sessions.py @@ -37,12 +37,16 @@ def exchange( This endpoint can be used to accept invites and create new members via domain matching. - If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`. + If the is required to complete MFA to log in to the, the returned value of `member_authenticated` will be `false`. The `intermediate_session_token` will not be consumed and instead will be returned in the response. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. + If the Member is logging in via an OAuth provider that does not fully verify the email, the returned value of `member_authenticated` will be `false`. + The `intermediate_session_token` will not be consumed and instead will be returned in the response. + The `primary_required` field details the authentication flow the Member must perform in order to [complete a step-up authentication](https://stytch.com/docs/b2b/guides/oauth/auth-flows) into the organization. The `intermediate_session_token` must be passed into that authentication flow. + Fields: - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -60,7 +64,7 @@ def exchange( `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored. Total custom claims size cannot exceed four kilobytes. - - locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. + - locale: If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. @@ -100,12 +104,16 @@ async def exchange_async( This endpoint can be used to accept invites and create new members via domain matching. - If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`. + If the is required to complete MFA to log in to the, the returned value of `member_authenticated` will be `false`. The `intermediate_session_token` will not be consumed and instead will be returned in the response. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. + If the Member is logging in via an OAuth provider that does not fully verify the email, the returned value of `member_authenticated` will be `false`. + The `intermediate_session_token` will not be consumed and instead will be returned in the response. + The `primary_required` field details the authentication flow the Member must perform in order to [complete a step-up authentication](https://stytch.com/docs/b2b/guides/oauth/auth-flows) into the organization. The `intermediate_session_token` must be passed into that authentication flow. + Fields: - intermediate_session_token: The Intermediate Session Token. This token does not necessarily belong to a specific instance of a Member, but represents a bag of factors that may be converted to a member session. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -123,7 +131,7 @@ async def exchange_async( `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored. Total custom claims size cannot exceed four kilobytes. - - locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. + - locale: If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. diff --git a/stytch/b2b/api/discovery_organizations.py b/stytch/b2b/api/discovery_organizations.py index e68ba0e..21b77e8 100644 --- a/stytch/b2b/api/discovery_organizations.py +++ b/stytch/b2b/api/discovery_organizations.py @@ -46,14 +46,14 @@ def create( oauth_tenant_jit_provisioning: Optional[str] = None, allowed_oauth_tenants: Optional[Dict[str, Any]] = None, ) -> CreateResponse: - """If an end user does not want to join any already-existing Organization, or has no possible Organizations to join, this endpoint can be used to create a new + """If an end user does not want to join any already-existing, or has no possible Organizations to join, this endpoint can be used to create a new [Organization](https://stytch.com/docs/b2b/api/organization-object) and [Member](https://stytch.com/docs/b2b/api/member-object). This operation consumes the Intermediate Session. This endpoint will also create an initial Member Session for the newly created Member. - The Member created by this endpoint will automatically be granted the `stytch_admin` Role. See the + The created by this endpoint will automatically be granted the `stytch_admin` Role. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for more details on this Role. If the new Organization is created with a `mfa_policy` of `REQUIRED_FOR_ALL`, the newly created Member will need to complete an MFA step to log in to the Organization. @@ -214,14 +214,14 @@ async def create_async( oauth_tenant_jit_provisioning: Optional[str] = None, allowed_oauth_tenants: Optional[Dict[str, Any]] = None, ) -> CreateResponse: - """If an end user does not want to join any already-existing Organization, or has no possible Organizations to join, this endpoint can be used to create a new + """If an end user does not want to join any already-existing, or has no possible Organizations to join, this endpoint can be used to create a new [Organization](https://stytch.com/docs/b2b/api/organization-object) and [Member](https://stytch.com/docs/b2b/api/member-object). This operation consumes the Intermediate Session. This endpoint will also create an initial Member Session for the newly created Member. - The Member created by this endpoint will automatically be granted the `stytch_admin` Role. See the + The created by this endpoint will automatically be granted the `stytch_admin` Role. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/stytch-default) for more details on this Role. If the new Organization is created with a `mfa_policy` of `REQUIRED_FOR_ALL`, the newly created Member will need to complete an MFA step to log in to the Organization. diff --git a/stytch/b2b/api/magic_links.py b/stytch/b2b/api/magic_links.py index eaacfdd..889122b 100644 --- a/stytch/b2b/api/magic_links.py +++ b/stytch/b2b/api/magic_links.py @@ -47,10 +47,10 @@ def authenticate( locale: Optional[Union[AuthenticateRequestLocale, str]] = None, intermediate_session_token: Optional[str] = None, ) -> AuthenticateResponse: - """Authenticate a Member with a Magic Link. This endpoint requires a Magic Link token that is not expired or previously used. If the Member’s status is `pending` or `invited`, they will be updated to `active`. + """Authenticate a with a Magic Link. This endpoint requires a Magic Link token that is not expired or previously used. If the Member’s status is `pending` or `invited`, they will be updated to `active`. Provide the `session_duration_minutes` parameter to set the lifetime of the session. If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. - If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. + If the Member is required to complete MFA to log in to the, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA step and acquire a full member session. The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one. @@ -81,7 +81,7 @@ def authenticate( `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored. Total custom claims size cannot exceed four kilobytes. - - locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. + - locale: If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. @@ -125,10 +125,10 @@ async def authenticate_async( locale: Optional[AuthenticateRequestLocale] = None, intermediate_session_token: Optional[str] = None, ) -> AuthenticateResponse: - """Authenticate a Member with a Magic Link. This endpoint requires a Magic Link token that is not expired or previously used. If the Member’s status is `pending` or `invited`, they will be updated to `active`. + """Authenticate a with a Magic Link. This endpoint requires a Magic Link token that is not expired or previously used. If the Member’s status is `pending` or `invited`, they will be updated to `active`. Provide the `session_duration_minutes` parameter to set the lifetime of the session. If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. - If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. + If the Member is required to complete MFA to log in to the, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA step and acquire a full member session. The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one. @@ -159,7 +159,7 @@ async def authenticate_async( `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored. Total custom claims size cannot exceed four kilobytes. - - locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. + - locale: If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. diff --git a/stytch/b2b/api/magic_links_email.py b/stytch/b2b/api/magic_links_email.py index a2cd6e3..e9d8d10 100644 --- a/stytch/b2b/api/magic_links_email.py +++ b/stytch/b2b/api/magic_links_email.py @@ -163,7 +163,7 @@ def invite( roles: Optional[List[str]] = None, method_options: Optional[InviteRequestOptions] = None, ) -> InviteResponse: - """Send an invite email to a new Member to join an Organization. The Member will be created with an `invited` status until they successfully authenticate. Sending invites to `pending` Members will update their status to `invited`. Sending invites to already `active` Members will return an error. + """Send an invite email to a new to join an. The Member will be created with an `invited` status until they successfully authenticate. Sending invites to `pending` Members will update their status to `invited`. Sending invites to already `active` Members will return an error. The magic link invite will be valid for 1 week. @@ -232,7 +232,7 @@ async def invite_async( roles: Optional[List[str]] = None, method_options: Optional[InviteRequestOptions] = None, ) -> InviteResponse: - """Send an invite email to a new Member to join an Organization. The Member will be created with an `invited` status until they successfully authenticate. Sending invites to `pending` Members will update their status to `invited`. Sending invites to already `active` Members will return an error. + """Send an invite email to a new to join an. The Member will be created with an `invited` status until they successfully authenticate. Sending invites to `pending` Members will update their status to `invited`. Sending invites to already `active` Members will return an error. The magic link invite will be valid for 1 week. diff --git a/stytch/b2b/api/oauth.py b/stytch/b2b/api/oauth.py index 8b15435..e0113c5 100644 --- a/stytch/b2b/api/oauth.py +++ b/stytch/b2b/api/oauth.py @@ -38,15 +38,18 @@ def authenticate( locale: Optional[Union[AuthenticateRequestLocale, str]] = None, intermediate_session_token: Optional[str] = None, ) -> AuthenticateResponse: - """Authenticate a Member given a `token`. This endpoint verifies that the member completed the OAuth flow by verifying that the token is valid and hasn't expired. Provide the `session_duration_minutes` parameter to set the lifetime of the session. If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. + """Authenticate a given a `token`. This endpoint verifies that the member completed the flow by verifying that the token is valid and hasn't expired. Provide the `session_duration_minutes` parameter to set the lifetime of the session. If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. - If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. + If the Member is required to complete MFA to log in to the, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step. + If the Member is logging in via an OAuth provider that does not fully verify the email, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. + The `primary_required` field details the authentication flow the Member must perform in order to [complete a step-up authentication](https://stytch.com/docs/b2b/guides/oauth/auth-flows) into the organization. The `intermediate_session_token` must be passed into that authentication flow. + We’re actively accepting requests for new OAuth providers! Please [email us](mailto:support@stytch.com) or [post in our community](https://stytch.com/docs/b2b/resources) if you are looking for an OAuth provider that is not currently supported. Fields: @@ -68,7 +71,7 @@ def authenticate( delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored. Total custom claims size cannot exceed four kilobytes. - pkce_code_verifier: A base64url encoded one time secret used to validate that the request starts and ends on the same device. - - locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. + - locale: If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. @@ -112,15 +115,18 @@ async def authenticate_async( locale: Optional[AuthenticateRequestLocale] = None, intermediate_session_token: Optional[str] = None, ) -> AuthenticateResponse: - """Authenticate a Member given a `token`. This endpoint verifies that the member completed the OAuth flow by verifying that the token is valid and hasn't expired. Provide the `session_duration_minutes` parameter to set the lifetime of the session. If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. + """Authenticate a given a `token`. This endpoint verifies that the member completed the flow by verifying that the token is valid and hasn't expired. Provide the `session_duration_minutes` parameter to set the lifetime of the session. If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. - If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. + If the Member is required to complete MFA to log in to the, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. The `intermediate_session_token` can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to join a different Organization or create a new one. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. If a valid `session_token` or `session_jwt` is passed in, the Member will not be required to complete an MFA step. + If the Member is logging in via an OAuth provider that does not fully verify the email, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. + The `primary_required` field details the authentication flow the Member must perform in order to [complete a step-up authentication](https://stytch.com/docs/b2b/guides/oauth/auth-flows) into the organization. The `intermediate_session_token` must be passed into that authentication flow. + We’re actively accepting requests for new OAuth providers! Please [email us](mailto:support@stytch.com) or [post in our community](https://stytch.com/docs/b2b/resources) if you are looking for an OAuth provider that is not currently supported. Fields: @@ -142,7 +148,7 @@ async def authenticate_async( delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored. Total custom claims size cannot exceed four kilobytes. - pkce_code_verifier: A base64url encoded one time secret used to validate that the request starts and ends on the same device. - - locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. + - locale: If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. diff --git a/stytch/b2b/api/oauth_discovery.py b/stytch/b2b/api/oauth_discovery.py index 8d62f40..7977ff9 100644 --- a/stytch/b2b/api/oauth_discovery.py +++ b/stytch/b2b/api/oauth_discovery.py @@ -30,7 +30,7 @@ def authenticate( session_custom_claims: Optional[Dict[str, Any]] = None, pkce_code_verifier: Optional[str] = None, ) -> AuthenticateResponse: - """Authenticates the Discovery OAuth token and exchanges it for an Intermediate Session Token. Intermediate Session Tokens can be used for various Discovery login flows and are valid for 10 minutes. + """Authenticates the Discovery token and exchanges it for an Intermediate Session Token. Intermediate Session Tokens can be used for various Discovery login flows and are valid for 10 minutes. Fields: - discovery_oauth_token: The Discovery OAuth token to authenticate. @@ -68,7 +68,7 @@ async def authenticate_async( session_custom_claims: Optional[Dict[str, Any]] = None, pkce_code_verifier: Optional[str] = None, ) -> AuthenticateResponse: - """Authenticates the Discovery OAuth token and exchanges it for an Intermediate Session Token. Intermediate Session Tokens can be used for various Discovery login flows and are valid for 10 minutes. + """Authenticates the Discovery token and exchanges it for an Intermediate Session Token. Intermediate Session Tokens can be used for various Discovery login flows and are valid for 10 minutes. Fields: - discovery_oauth_token: The Discovery OAuth token to authenticate. diff --git a/stytch/b2b/api/organizations.py b/stytch/b2b/api/organizations.py index c2b25a8..68f6493 100644 --- a/stytch/b2b/api/organizations.py +++ b/stytch/b2b/api/organizations.py @@ -59,7 +59,7 @@ def create( oauth_tenant_jit_provisioning: Optional[str] = None, allowed_oauth_tenants: Optional[Dict[str, Any]] = None, ) -> CreateResponse: - """Creates an Organization. An `organization_name` and a unique `organization_slug` are required. + """Creates an. An `organization_name` and a unique `organization_slug` are required. By default, `email_invites` and `sso_jit_provisioning` will be set to `ALL_ALLOWED`, and `mfa_policy` will be set to `OPTIONAL` if no Organization authentication settings are explicitly defined in the request. @@ -195,7 +195,7 @@ async def create_async( oauth_tenant_jit_provisioning: Optional[str] = None, allowed_oauth_tenants: Optional[Dict[str, Any]] = None, ) -> CreateResponse: - """Creates an Organization. An `organization_name` and a unique `organization_slug` are required. + """Creates an. An `organization_name` and a unique `organization_slug` are required. By default, `email_invites` and `sso_jit_provisioning` will be set to `ALL_ALLOWED`, and `mfa_policy` will be set to `OPTIONAL` if no Organization authentication settings are explicitly defined in the request. @@ -314,7 +314,7 @@ def get( self, organization_id: str, ) -> GetResponse: - """Returns an Organization specified by `organization_id`. + """Returns an specified by `organization_id`. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -332,7 +332,7 @@ async def get_async( self, organization_id: str, ) -> GetResponse: - """Returns an Organization specified by `organization_id`. + """Returns an specified by `organization_id`. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -371,7 +371,7 @@ def update( allowed_oauth_tenants: Optional[Dict[str, Any]] = None, method_options: Optional[UpdateRequestOptions] = None, ) -> UpdateResponse: - """Updates an Organization specified by `organization_id`. An Organization must always have at least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members. + """Updates an specified by `organization_id`. An Organization must always have at least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members. *See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors. @@ -559,7 +559,7 @@ async def update_async( allowed_oauth_tenants: Optional[Dict[str, Any]] = None, method_options: Optional[UpdateRequestOptions] = None, ) -> UpdateResponse: - """Updates an Organization specified by `organization_id`. An Organization must always have at least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members. + """Updates an specified by `organization_id`. An Organization must always have at least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members. *See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors. @@ -727,7 +727,7 @@ def delete( organization_id: str, method_options: Optional[DeleteRequestOptions] = None, ) -> DeleteResponse: - """Deletes an Organization specified by `organization_id`. All Members of the Organization will also be deleted. + """Deletes an specified by `organization_id`. All Members of the Organization will also be deleted. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -748,7 +748,7 @@ async def delete_async( organization_id: str, method_options: Optional[DeleteRequestOptions] = None, ) -> DeleteResponse: - """Deletes an Organization specified by `organization_id`. All Members of the Organization will also be deleted. + """Deletes an specified by `organization_id`. All Members of the Organization will also be deleted. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. diff --git a/stytch/b2b/api/organizations_members.py b/stytch/b2b/api/organizations_members.py index 3471796..9897810 100644 --- a/stytch/b2b/api/organizations_members.py +++ b/stytch/b2b/api/organizations_members.py @@ -64,7 +64,7 @@ def update( email_address: Optional[str] = None, method_options: Optional[UpdateRequestOptions] = None, ) -> UpdateResponse: - """Updates a Member specified by `organization_id` and `member_id`. + """Updates a specified by `organization_id` and `member_id`. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -161,7 +161,7 @@ async def update_async( email_address: Optional[str] = None, method_options: Optional[UpdateRequestOptions] = None, ) -> UpdateResponse: - """Updates a Member specified by `organization_id` and `member_id`. + """Updates a specified by `organization_id` and `member_id`. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -248,7 +248,7 @@ def delete( member_id: str, method_options: Optional[DeleteRequestOptions] = None, ) -> DeleteResponse: - """Deletes a Member specified by `organization_id` and `member_id`. + """Deletes a specified by `organization_id` and `member_id`. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -274,7 +274,7 @@ async def delete_async( member_id: str, method_options: Optional[DeleteRequestOptions] = None, ) -> DeleteResponse: - """Deletes a Member specified by `organization_id` and `member_id`. + """Deletes a specified by `organization_id` and `member_id`. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -300,7 +300,7 @@ def reactivate( member_id: str, method_options: Optional[ReactivateRequestOptions] = None, ) -> ReactivateResponse: - """Reactivates a deleted Member's status and its associated email status (if applicable) to active, specified by `organization_id` and `member_id`. + """Reactivates a deleted's status and its associated email status (if applicable) to active, specified by `organization_id` and `member_id`. This endpoint will only work for Members with at least one verified email where their `email_address_verified` is `true`. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -327,7 +327,7 @@ async def reactivate_async( member_id: str, method_options: Optional[ReactivateRequestOptions] = None, ) -> ReactivateResponse: - """Reactivates a deleted Member's status and its associated email status (if applicable) to active, specified by `organization_id` and `member_id`. + """Reactivates a deleted's status and its associated email status (if applicable) to active, specified by `organization_id` and `member_id`. This endpoint will only work for Members with at least one verified email where their `email_address_verified` is `true`. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -354,7 +354,7 @@ def delete_mfa_phone_number( member_id: str, method_options: Optional[DeleteMFAPhoneNumberRequestOptions] = None, ) -> DeleteMFAPhoneNumberResponse: - """Delete a Member's MFA phone number. + """Delete a's MFA phone number. To change a Member's phone number, you must first call this endpoint to delete the existing phone number. @@ -389,7 +389,7 @@ async def delete_mfa_phone_number_async( member_id: str, method_options: Optional[DeleteMFAPhoneNumberRequestOptions] = None, ) -> DeleteMFAPhoneNumberResponse: - """Delete a Member's MFA phone number. + """Delete a's MFA phone number. To change a Member's phone number, you must first call this endpoint to delete the existing phone number. @@ -552,7 +552,7 @@ def delete_password( member_password_id: str, method_options: Optional[DeletePasswordRequestOptions] = None, ) -> DeletePasswordResponse: - """Delete a Member's password. + """Delete a's password. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -579,7 +579,7 @@ async def delete_password_async( member_password_id: str, method_options: Optional[DeletePasswordRequestOptions] = None, ) -> DeletePasswordResponse: - """Delete a Member's password. + """Delete a's password. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -648,7 +648,7 @@ def unlink_retired_email( email_address: Optional[str] = None, method_options: Optional[UnlinkRetiredEmailRequestOptions] = None, ) -> UnlinkRetiredEmailResponse: - """Unlinks a retired email address from a Member specified by their `organization_id` and `member_id`. The email address + """Unlinks a retired email address from a specified by their `organization_id` and `member_id`. The email address to be retired can be identified in the request body by either its `email_id`, its `email_address`, or both. If using both identifiers they must refer to the same email. @@ -696,7 +696,7 @@ async def unlink_retired_email_async( email_address: Optional[str] = None, method_options: Optional[UnlinkRetiredEmailRequestOptions] = None, ) -> UnlinkRetiredEmailResponse: - """Unlinks a retired email address from a Member specified by their `organization_id` and `member_id`. The email address + """Unlinks a retired email address from a specified by their `organization_id` and `member_id`. The email address to be retired can be identified in the request body by either its `email_id`, its `email_address`, or both. If using both identifiers they must refer to the same email. @@ -750,7 +750,7 @@ def create( roles: Optional[List[str]] = None, method_options: Optional[CreateRequestOptions] = None, ) -> CreateResponse: - """Creates a Member. An `organization_id` and `email_address` are required. + """Creates a. An `organization_id` and `email_address` are required. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -811,7 +811,7 @@ async def create_async( roles: Optional[List[str]] = None, method_options: Optional[CreateRequestOptions] = None, ) -> CreateResponse: - """Creates a Member. An `organization_id` and `email_address` are required. + """Creates a. An `organization_id` and `email_address` are required. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. diff --git a/stytch/b2b/api/otp_sms.py b/stytch/b2b/api/otp_sms.py index 2491da4..8ccba04 100644 --- a/stytch/b2b/api/otp_sms.py +++ b/stytch/b2b/api/otp_sms.py @@ -35,7 +35,7 @@ def send( session_token: Optional[str] = None, session_jwt: Optional[str] = None, ) -> SendResponse: - """Send a One-Time Passcode (OTP) to a Member's phone number. + """Send a One-Time Passcode (OTP) to a's phone number. If the Member already has a phone number, the `mfa_phone_number` field is not needed; the endpoint will send an OTP to the number associated with the Member. If the Member does not have a phone number, the endpoint will send an OTP to the `mfa_phone_number` provided and link the `mfa_phone_number` with the Member. @@ -99,7 +99,7 @@ async def send_async( session_token: Optional[str] = None, session_jwt: Optional[str] = None, ) -> SendResponse: - """Send a One-Time Passcode (OTP) to a Member's phone number. + """Send a One-Time Passcode (OTP) to a's phone number. If the Member already has a phone number, the `mfa_phone_number` field is not needed; the endpoint will send an OTP to the number associated with the Member. If the Member does not have a phone number, the endpoint will send an OTP to the `mfa_phone_number` provided and link the `mfa_phone_number` with the Member. @@ -177,7 +177,7 @@ def authenticate( such as [email magic link authenticate](https://stytch.com/docs/b2b/api/authenticate-magic-link), or upon successful calls to discovery authenticate methods, such as [email magic link discovery authenticate](https://stytch.com/docs/b2b/api/authenticate-discovery-magic-link). - If the Organization's MFA policy is `REQUIRED_FOR_ALL`, a successful OTP authentication will change the Member's `mfa_enrolled` status to `true` if it is not already `true`. + If the's MFA policy is `REQUIRED_FOR_ALL`, a successful OTP authentication will change the's `mfa_enrolled` status to `true` if it is not already `true`. If the Organization's MFA policy is `OPTIONAL`, the Member's MFA enrollment can be toggled by passing in a value for the `set_mfa_enrollment` field. The Member's MFA enrollment can also be toggled through the [Update Member](https://stytch.com/docs/b2b/api/update-member) endpoint. @@ -261,7 +261,7 @@ async def authenticate_async( such as [email magic link authenticate](https://stytch.com/docs/b2b/api/authenticate-magic-link), or upon successful calls to discovery authenticate methods, such as [email magic link discovery authenticate](https://stytch.com/docs/b2b/api/authenticate-discovery-magic-link). - If the Organization's MFA policy is `REQUIRED_FOR_ALL`, a successful OTP authentication will change the Member's `mfa_enrolled` status to `true` if it is not already `true`. + If the's MFA policy is `REQUIRED_FOR_ALL`, a successful OTP authentication will change the's `mfa_enrolled` status to `true` if it is not already `true`. If the Organization's MFA policy is `OPTIONAL`, the Member's MFA enrollment can be toggled by passing in a value for the `set_mfa_enrollment` field. The Member's MFA enrollment can also be toggled through the [Update Member](https://stytch.com/docs/b2b/api/update-member) endpoint. diff --git a/stytch/b2b/api/passwords.py b/stytch/b2b/api/passwords.py index e2339e3..9c9046d 100644 --- a/stytch/b2b/api/passwords.py +++ b/stytch/b2b/api/passwords.py @@ -138,7 +138,7 @@ def migrate( Fields: - email_address: The email address of the Member. - hash: The password hash. For a Scrypt or PBKDF2 hash, the hash needs to be a base64 encoded string. - - hash_type: The password hash used. Currently `bcrypt`, `scrypt`, `argon2i`, `argon2id`, `md_5`, `sha_1`, and `pbkdf_2` are supported. + - hash_type: The password hash used. Currently `bcrypt`, `scrypt`, `argon_2i`, `argon2_id`, `md_5`, `sha_1`, and `pbkdf_2` are supported. - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. - md_5_config: Optional parameters for MD-5 hash types. - argon_2_config: Required parameters if the argon2 hex form, as opposed to the encoded form, is supplied. @@ -234,7 +234,7 @@ async def migrate_async( Fields: - email_address: The email address of the Member. - hash: The password hash. For a Scrypt or PBKDF2 hash, the hash needs to be a base64 encoded string. - - hash_type: The password hash used. Currently `bcrypt`, `scrypt`, `argon2i`, `argon2id`, `md_5`, `sha_1`, and `pbkdf_2` are supported. + - hash_type: The password hash used. Currently `bcrypt`, `scrypt`, `argon_2i`, `argon2_id`, `md_5`, `sha_1`, and `pbkdf_2` are supported. - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. - md_5_config: Optional parameters for MD-5 hash types. - argon_2_config: Required parameters if the argon2 hex form, as opposed to the encoded form, is supplied. @@ -322,7 +322,7 @@ def authenticate( If you have breach detection during authentication enabled in your [password strength policy](https://stytch.com/docs/b2b/guides/passwords/strength-policies) and the member's credentials have appeared in the HaveIBeenPwned dataset, this endpoint will return a `member_reset_password` error even if the member enters a correct password. We force a password reset in this case to ensure that the member is the legitimate owner of the email address and not a malicious actor abusing the compromised credentials. - If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. + If the is required to complete MFA to log in to the, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. @@ -348,7 +348,7 @@ def authenticate( `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored. Total custom claims size cannot exceed four kilobytes. - - locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. + - locale: If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. @@ -397,7 +397,7 @@ async def authenticate_async( If you have breach detection during authentication enabled in your [password strength policy](https://stytch.com/docs/b2b/guides/passwords/strength-policies) and the member's credentials have appeared in the HaveIBeenPwned dataset, this endpoint will return a `member_reset_password` error even if the member enters a correct password. We force a password reset in this case to ensure that the member is the legitimate owner of the email address and not a malicious actor abusing the compromised credentials. - If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. + If the is required to complete MFA to log in to the, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. @@ -423,7 +423,7 @@ async def authenticate_async( `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored. Total custom claims size cannot exceed four kilobytes. - - locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. + - locale: If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. diff --git a/stytch/b2b/api/passwords_email.py b/stytch/b2b/api/passwords_email.py index da7357b..e529ba5 100644 --- a/stytch/b2b/api/passwords_email.py +++ b/stytch/b2b/api/passwords_email.py @@ -9,6 +9,7 @@ from typing import Any, Dict, Optional, Union from stytch.b2b.models.passwords_email import ( + DeleteResponse, ResetRequestLocale, ResetResponse, ResetStartRequestLocale, @@ -164,7 +165,7 @@ def reset( locale: Optional[Union[ResetRequestLocale, str]] = None, intermediate_session_token: Optional[str] = None, ) -> ResetResponse: - """Reset the member's password and authenticate them. This endpoint checks that the password reset token is valid, hasn’t expired, or already been used. + """Reset the's password and authenticate them. This endpoint checks that the password reset token is valid, hasn’t expired, or already been used. The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the token and password are accepted, the password is securely stored for future authentication and the user is authenticated. @@ -200,7 +201,7 @@ def reset( `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored. Total custom claims size cannot exceed four kilobytes. - - locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. + - locale: If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. @@ -246,7 +247,7 @@ async def reset_async( locale: Optional[ResetRequestLocale] = None, intermediate_session_token: Optional[str] = None, ) -> ResetResponse: - """Reset the member's password and authenticate them. This endpoint checks that the password reset token is valid, hasn’t expired, or already been used. + """Reset the's password and authenticate them. This endpoint checks that the password reset token is valid, hasn’t expired, or already been used. The provided password needs to meet our password strength requirements, which can be checked in advance with the password strength endpoint. If the token and password are accepted, the password is securely stored for future authentication and the user is authenticated. @@ -282,7 +283,7 @@ async def reset_async( `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored. Total custom claims size cannot exceed four kilobytes. - - locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. + - locale: If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. @@ -315,3 +316,41 @@ async def reset_async( url = self.api_base.url_for("/v1/b2b/passwords/email/reset", data) res = await self.async_client.post(url, data, headers) return ResetResponse.from_json(res.response.status, res.json) + + def delete( + self, + email_address: str, + organization_id: Optional[str] = None, + member_id: Optional[str] = None, + ) -> DeleteResponse: + headers: Dict[str, str] = {} + data: Dict[str, Any] = { + "email_address": email_address, + } + if organization_id is not None: + data["organization_id"] = organization_id + if member_id is not None: + data["member_id"] = member_id + + url = self.api_base.url_for("/v1/b2b/passwords/email/delete", data) + res = self.sync_client.post(url, data, headers) + return DeleteResponse.from_json(res.response.status_code, res.json) + + async def delete_async( + self, + email_address: str, + organization_id: Optional[str] = None, + member_id: Optional[str] = None, + ) -> DeleteResponse: + headers: Dict[str, str] = {} + data: Dict[str, Any] = { + "email_address": email_address, + } + if organization_id is not None: + data["organization_id"] = organization_id + if member_id is not None: + data["member_id"] = member_id + + url = self.api_base.url_for("/v1/b2b/passwords/email/delete", data) + res = await self.async_client.post(url, data, headers) + return DeleteResponse.from_json(res.response.status, res.json) diff --git a/stytch/b2b/api/passwords_existing_password.py b/stytch/b2b/api/passwords_existing_password.py index fdafd04..450e533 100644 --- a/stytch/b2b/api/passwords_existing_password.py +++ b/stytch/b2b/api/passwords_existing_password.py @@ -36,7 +36,7 @@ def reset( session_custom_claims: Optional[Dict[str, Any]] = None, locale: Optional[Union[ResetRequestLocale, str]] = None, ) -> ResetResponse: - """Reset the member’s password using their existing password. + """Reset the’s password using their existing password. This endpoint adapts to your Project's password strength configuration. If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid @@ -73,7 +73,7 @@ def reset( `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored. Total custom claims size cannot exceed four kilobytes. - - locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. + - locale: If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. @@ -116,7 +116,7 @@ async def reset_async( session_custom_claims: Optional[Dict[str, Any]] = None, locale: Optional[ResetRequestLocale] = None, ) -> ResetResponse: - """Reset the member’s password using their existing password. + """Reset the’s password using their existing password. This endpoint adapts to your Project's password strength configuration. If you're using [zxcvbn](https://stytch.com/docs/guides/passwords/strength-policy), the default, your passwords are considered valid @@ -153,7 +153,7 @@ async def reset_async( `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored. Total custom claims size cannot exceed four kilobytes. - - locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. + - locale: If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. diff --git a/stytch/b2b/api/passwords_session.py b/stytch/b2b/api/passwords_session.py index b954df5..e3ac775 100644 --- a/stytch/b2b/api/passwords_session.py +++ b/stytch/b2b/api/passwords_session.py @@ -31,7 +31,7 @@ def reset( session_custom_claims: Optional[Dict[str, Any]] = None, locale: Optional[Union[ResetRequestLocale, str]] = None, ) -> ResetResponse: - """Reset the Member's password using their existing session. The endpoint will error if the session does not contain an authentication factor that has been issued within the last 5 minutes. Either `session_token` or `session_jwt` should be provided. + """Reset the's password using their existing session. The endpoint will error if the session does not contain an authentication factor that has been issued within the last 5 minutes. Either `session_token` or `session_jwt` should be provided. Note that a successful password reset via an existing session will revoke all active sessions for the `member_id`, except for the one used during the reset flow. @@ -91,7 +91,7 @@ async def reset_async( session_custom_claims: Optional[Dict[str, Any]] = None, locale: Optional[ResetRequestLocale] = None, ) -> ResetResponse: - """Reset the Member's password using their existing session. The endpoint will error if the session does not contain an authentication factor that has been issued within the last 5 minutes. Either `session_token` or `session_jwt` should be provided. + """Reset the's password using their existing session. The endpoint will error if the session does not contain an authentication factor that has been issued within the last 5 minutes. Either `session_token` or `session_jwt` should be provided. Note that a successful password reset via an existing session will revoke all active sessions for the `member_id`, except for the one used during the reset flow. diff --git a/stytch/b2b/api/recovery_codes.py b/stytch/b2b/api/recovery_codes.py index 2feac42..bd2064f 100644 --- a/stytch/b2b/api/recovery_codes.py +++ b/stytch/b2b/api/recovery_codes.py @@ -36,7 +36,7 @@ def recover( session_duration_minutes: Optional[int] = None, session_custom_claims: Optional[Dict[str, Any]] = None, ) -> RecoverResponse: - """Allows a Member to complete an MFA flow by consuming a recovery code. This consumes the recovery code and returns a session token that can be used to authenticate the Member. + """Allows a to complete an MFA flow by consuming a recovery code. This consumes the recovery code and returns a session token that can be used to authenticate the Member. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -92,7 +92,7 @@ async def recover_async( session_duration_minutes: Optional[int] = None, session_custom_claims: Optional[Dict[str, Any]] = None, ) -> RecoverResponse: - """Allows a Member to complete an MFA flow by consuming a recovery code. This consumes the recovery code and returns a session token that can be used to authenticate the Member. + """Allows a to complete an MFA flow by consuming a recovery code. This consumes the recovery code and returns a session token that can be used to authenticate the Member. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -142,7 +142,7 @@ def get( organization_id: str, member_id: str, ) -> GetResponse: - """Returns a Member's full set of active recovery codes. + """Returns a's full set of active recovery codes. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -165,7 +165,7 @@ async def get_async( organization_id: str, member_id: str, ) -> GetResponse: - """Returns a Member's full set of active recovery codes. + """Returns a's full set of active recovery codes. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -188,7 +188,7 @@ def rotate( organization_id: str, member_id: str, ) -> RotateResponse: - """Rotate a Member's recovery codes. This invalidates all existing recovery codes and generates a new set of recovery codes. + """Rotate a's recovery codes. This invalidates all existing recovery codes and generates a new set of recovery codes. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -209,7 +209,7 @@ async def rotate_async( organization_id: str, member_id: str, ) -> RotateResponse: - """Rotate a Member's recovery codes. This invalidates all existing recovery codes and generates a new set of recovery codes. + """Rotate a's recovery codes. This invalidates all existing recovery codes and generates a new set of recovery codes. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. diff --git a/stytch/b2b/api/sessions.py b/stytch/b2b/api/sessions.py index 050efeb..255f1cf 100644 --- a/stytch/b2b/api/sessions.py +++ b/stytch/b2b/api/sessions.py @@ -100,7 +100,7 @@ def authenticate( You may provide a JWT that needs to be refreshed and is expired according to its `exp` claim. A new JWT will be returned if both the signature and the underlying Session are still valid. See our [How to use Stytch Session JWTs](https://stytch.com/docs/b2b/guides/sessions/resources/using-jwts) guide for more information. - If an `authorization_check` object is passed in, this method will also check if the Member is authorized to perform the given action on the given Resource in the specified Organization. A Member is authorized if their Member Session contains a Role, assigned [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions. + If an `authorization_check` object is passed in, this method will also check if the Member is authorized to perform the given action on the given Resource in the specified. A is authorized if their Member Session contains a Role, assigned [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions. In addition, the `organization_id` passed in the authorization check must match the Member's Organization. If the Member is not authorized to perform the specified action on the specified Resource, or if the @@ -171,7 +171,7 @@ async def authenticate_async( You may provide a JWT that needs to be refreshed and is expired according to its `exp` claim. A new JWT will be returned if both the signature and the underlying Session are still valid. See our [How to use Stytch Session JWTs](https://stytch.com/docs/b2b/guides/sessions/resources/using-jwts) guide for more information. - If an `authorization_check` object is passed in, this method will also check if the Member is authorized to perform the given action on the given Resource in the specified Organization. A Member is authorized if their Member Session contains a Role, assigned [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions. + If an `authorization_check` object is passed in, this method will also check if the Member is authorized to perform the given action on the given Resource in the specified. A is authorized if their Member Session contains a Role, assigned [explicitly or implicitly](https://stytch.com/docs/b2b/guides/rbac/role-assignment), with adequate permissions. In addition, the `organization_id` passed in the authorization check must match the Member's Organization. If the Member is not authorized to perform the specified action on the specified Resource, or if the @@ -305,13 +305,14 @@ def exchange( session_custom_claims: Optional[Dict[str, Any]] = None, locale: Optional[Union[ExchangeRequestLocale, str]] = None, ) -> ExchangeResponse: - """Use this endpoint to exchange a Member's existing session for another session in a different Organization. This can be used to accept an invite, but not to create a new member via domain matching. + """Use this endpoint to exchange a's existing session for another session in a different. This can be used to accept an invite, but not to create a new member via domain matching. To create a new member via domain matching, use the [Exchange Intermediate Session](https://stytch.com/docs/b2b/api/exchange-intermediate-session) flow instead. Only Email Magic Link, OAuth, and SMS OTP factors can be transferred between sessions. Other authentication factors, such as password factors, will not be transferred to the new session. Any OAuth Tokens owned by the Member will not be transferred to the new Organization. SMS OTP factors can be used to fulfill MFA requirements for the target Organization if both the original and target Member have the same phone number and the phone number is verified for both Members. + HubSpot and Slack OAuth registrations will not be transferred between sessions. Instead, you will receive a corresponding factor with type `"oauth_exchange_slack"` or `"oauth_exchange_hubspot"` If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. @@ -336,7 +337,7 @@ def exchange( `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored. Total custom claims size cannot exceed four kilobytes. - - locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. + - locale: If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. @@ -373,13 +374,14 @@ async def exchange_async( session_custom_claims: Optional[Dict[str, Any]] = None, locale: Optional[ExchangeRequestLocale] = None, ) -> ExchangeResponse: - """Use this endpoint to exchange a Member's existing session for another session in a different Organization. This can be used to accept an invite, but not to create a new member via domain matching. + """Use this endpoint to exchange a's existing session for another session in a different. This can be used to accept an invite, but not to create a new member via domain matching. To create a new member via domain matching, use the [Exchange Intermediate Session](https://stytch.com/docs/b2b/api/exchange-intermediate-session) flow instead. Only Email Magic Link, OAuth, and SMS OTP factors can be transferred between sessions. Other authentication factors, such as password factors, will not be transferred to the new session. Any OAuth Tokens owned by the Member will not be transferred to the new Organization. SMS OTP factors can be used to fulfill MFA requirements for the target Organization if both the original and target Member have the same phone number and the phone number is verified for both Members. + HubSpot and Slack OAuth registrations will not be transferred between sessions. Instead, you will receive a corresponding factor with type `"oauth_exchange_slack"` or `"oauth_exchange_hubspot"` If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms) to complete the MFA step and acquire a full member session. @@ -404,7 +406,7 @@ async def exchange_async( `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored. Total custom claims size cannot exceed four kilobytes. - - locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. + - locale: If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. @@ -439,7 +441,7 @@ def migrate( session_duration_minutes: Optional[int] = None, session_custom_claims: Optional[Dict[str, Any]] = None, ) -> MigrateResponse: - """Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with an existing Member in your Organization and create a Stytch Session. You will need to create the member before using this endpoint. + """Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with an existing in your and create a Stytch Session. You will need to create the member before using this endpoint. Fields: - session_token: The authorization token Stytch will pass in to the external userinfo endpoint. @@ -480,7 +482,7 @@ async def migrate_async( session_duration_minutes: Optional[int] = None, session_custom_claims: Optional[Dict[str, Any]] = None, ) -> MigrateResponse: - """Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with an existing Member in your Organization and create a Stytch Session. You will need to create the member before using this endpoint. + """Migrate a session from an external OIDC compliant endpoint. Stytch will call the external UserInfo endpoint defined in your Stytch Project settings in the [Dashboard](/dashboard), and then perform a lookup using the `session_token`. If the response contains a valid email address, Stytch will attempt to match that email address with an existing in your and create a Stytch Session. You will need to create the member before using this endpoint. Fields: - session_token: The authorization token Stytch will pass in to the external userinfo endpoint. diff --git a/stytch/b2b/api/sso.py b/stytch/b2b/api/sso.py index 9392215..2cedc23 100644 --- a/stytch/b2b/api/sso.py +++ b/stytch/b2b/api/sso.py @@ -151,7 +151,7 @@ def authenticate( If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. To link this authentication event to an existing Stytch session, include either the `session_token` or `session_jwt` param. - If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. + If the is required to complete MFA to log in to the, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA step and acquire a full member session. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. @@ -177,7 +177,7 @@ def authenticate( `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored. Total custom claims size cannot exceed four kilobytes. - - locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. + - locale: If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. @@ -227,7 +227,7 @@ async def authenticate_async( If the `session_duration_minutes` parameter is not specified, a Stytch session will be created with a 60 minute duration. To link this authentication event to an existing Stytch session, include either the `session_token` or `session_jwt` param. - If the Member is required to complete MFA to log in to the Organization, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. + If the is required to complete MFA to log in to the, the returned value of `member_authenticated` will be `false`, and an `intermediate_session_token` will be returned. The `intermediate_session_token` can be passed into the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete the MFA step and acquire a full member session. The `session_duration_minutes` and `session_custom_claims` parameters will be ignored. @@ -253,7 +253,7 @@ async def authenticate_async( `session_duration_minutes`. Claims will be included on the Session object and in the JWT. To update a key in an existing Session, supply a new value. To delete a key, supply a null value. Custom claims made with reserved claims (`iss`, `sub`, `aud`, `exp`, `nbf`, `iat`, `jti`) will be ignored. Total custom claims size cannot exceed four kilobytes. - - locale: If the Member needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. + - locale: If the needs to complete an MFA step, and the Member has a phone number, this endpoint will pre-emptively send a one-time passcode (OTP) to the Member's phone number. The locale argument will be used to determine which language to use when sending the passcode. Parameter is a [IETF BCP 47 language tag](https://www.w3.org/International/articles/language-tags/), e.g. `"en"`. diff --git a/stytch/b2b/api/totps.py b/stytch/b2b/api/totps.py index 466a1c5..5f3c64b 100644 --- a/stytch/b2b/api/totps.py +++ b/stytch/b2b/api/totps.py @@ -34,7 +34,7 @@ def create( session_token: Optional[str] = None, session_jwt: Optional[str] = None, ) -> CreateResponse: - """Create a new TOTP instance for a Member. The Member can use the authenticator application of their choice to scan the QR code or enter the secret. + """Create a new TOTP instance for a. The Member can use the authenticator application of their choice to scan the QR code or enter the secret. Passing an intermediate session token, session token, or session JWT is not required, but if passed must match the Member ID passed. @@ -73,7 +73,7 @@ async def create_async( session_token: Optional[str] = None, session_jwt: Optional[str] = None, ) -> CreateResponse: - """Create a new TOTP instance for a Member. The Member can use the authenticator application of their choice to scan the QR code or enter the secret. + """Create a new TOTP instance for a. The Member can use the authenticator application of their choice to scan the QR code or enter the secret. Passing an intermediate session token, session token, or session JWT is not required, but if passed must match the Member ID passed. @@ -248,7 +248,7 @@ def migrate( secret: str, recovery_codes: List[str], ) -> MigrateResponse: - """Migrate an existing TOTP instance for a Member. Recovery codes are not required and will be minted for the Member if not provided. + """Migrate an existing TOTP instance for a. Recovery codes are not required and will be minted for the Member if not provided. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. @@ -275,7 +275,7 @@ async def migrate_async( secret: str, recovery_codes: List[str], ) -> MigrateResponse: - """Migrate an existing TOTP instance for a Member. Recovery codes are not required and will be minted for the Member if not provided. + """Migrate an existing TOTP instance for a. Recovery codes are not required and will be minted for the Member if not provided. Fields: - organization_id: Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. diff --git a/stytch/b2b/models/discovery_intermediate_sessions.py b/stytch/b2b/models/discovery_intermediate_sessions.py index c81b753..a80a924 100644 --- a/stytch/b2b/models/discovery_intermediate_sessions.py +++ b/stytch/b2b/models/discovery_intermediate_sessions.py @@ -33,7 +33,7 @@ class ExchangeResponse(ResponseBase): - intermediate_session_token: The returned Intermediate Session Token is identical to the one that was originally passed in to the request. If this value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - member_session: The [Session object](https://stytch.com/docs/b2b/api/session-object). - mfa_required: Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA. - - primary_required: (no documentation yet) + - primary_required: Information about the primary authentication requirements of the Organization. """ # noqa member_id: str diff --git a/stytch/b2b/models/discovery_organizations.py b/stytch/b2b/models/discovery_organizations.py index 23f5871..1ab7c5b 100644 --- a/stytch/b2b/models/discovery_organizations.py +++ b/stytch/b2b/models/discovery_organizations.py @@ -27,7 +27,7 @@ class CreateResponse(ResponseBase): - member_session: The [Session object](https://stytch.com/docs/b2b/api/session-object). - organization: The [Organization object](https://stytch.com/docs/b2b/api/organization-object). - mfa_required: Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA. - - primary_required: (no documentation yet) + - primary_required: Information about the primary authentication requirements of the Organization. """ # noqa member_id: str diff --git a/stytch/b2b/models/magic_links.py b/stytch/b2b/models/magic_links.py index 277d86e..8886a2c 100644 --- a/stytch/b2b/models/magic_links.py +++ b/stytch/b2b/models/magic_links.py @@ -32,10 +32,10 @@ class AuthenticateResponse(ResponseBase): - member: The [Member object](https://stytch.com/docs/b2b/api/member-object) - session_token: A secret token for a given Stytch Session. - session_jwt: The JSON Web Token (JWT) for a given Stytch Session. - - member_session: The [Session object](https://stytch.com/docs/b2b/api/session-object). - organization: The [Organization object](https://stytch.com/docs/b2b/api/organization-object). - intermediate_session_token: The returned Intermediate Session Token contains an Email Magic Link factor associated with the Member's email address. If this value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. - member_authenticated: Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization. + - member_session: The [Session object](https://stytch.com/docs/b2b/api/session-object). - mfa_required: Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA. """ # noqa @@ -46,8 +46,8 @@ class AuthenticateResponse(ResponseBase): member: Member session_token: str session_jwt: str - member_session: MemberSession organization: Organization intermediate_session_token: str member_authenticated: bool + member_session: Optional[MemberSession] = None mfa_required: Optional[MfaRequired] = None diff --git a/stytch/b2b/models/oauth.py b/stytch/b2b/models/oauth.py index d8e130b..c4e71ef 100644 --- a/stytch/b2b/models/oauth.py +++ b/stytch/b2b/models/oauth.py @@ -60,7 +60,7 @@ class AuthenticateResponse(ResponseBase): Note that these values will vary based on the OAuth provider in question, e.g. `id_token` is only returned by Microsoft. Google One Tap does not return access tokens or refresh tokens. - mfa_required: Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA. - - primary_required: (no documentation yet) + - primary_required: Information about the primary authentication requirements of the Organization. """ # noqa member_id: str diff --git a/stytch/b2b/models/passwords_email.py b/stytch/b2b/models/passwords_email.py index 90aaa22..5b611b9 100644 --- a/stytch/b2b/models/passwords_email.py +++ b/stytch/b2b/models/passwords_email.py @@ -27,6 +27,12 @@ class ResetStartRequestLocale(str, enum.Enum): PTBR = "pt-br" +class DeleteResponse(ResponseBase): + member: Member + organization: Organization + member_id: Optional[str] = None + + class ResetResponse(ResponseBase): """Response type for `Email.reset`. Fields: diff --git a/stytch/b2b/models/sessions.py b/stytch/b2b/models/sessions.py index dbcb5fa..4dd4f81 100644 --- a/stytch/b2b/models/sessions.py +++ b/stytch/b2b/models/sessions.py @@ -82,7 +82,7 @@ class MemberSession(pydantic.BaseModel): class PrimaryRequired(pydantic.BaseModel): """ Fields: - - allowed_auth_methods: If non-empty, indicates that the Organization restricts the authentication methods it allows for login (such as `sso` or `password`), and the end user must complete one of those authentication methods to log in. If empty, indicates that the Organization does not restrict the authentication method it allows for login, but the end user does not have any transferrable primary factors. Only email magic link and OAuth factors can be transferred between Organizations. + - allowed_auth_methods: Details the auth method that the member must also complete to fulfill the primary authentication requirements of the Organization. For example, a value of `[magic_link]` indicates that the Member must also complete a magic link authentication step. If you have an intermediate session token, you must pass it into that primary authentication step. """ # noqa allowed_auth_methods: List[str] diff --git a/stytch/b2b/models/sso.py b/stytch/b2b/models/sso.py index f27d810..3bd68e8 100644 --- a/stytch/b2b/models/sso.py +++ b/stytch/b2b/models/sso.py @@ -25,13 +25,8 @@ class AuthenticateRequestLocale(str, enum.Enum): PTBR = "pt-br" -class Connection(pydantic.BaseModel): - organization_id: str - connection_id: str - external_organization_id: str - external_connection_id: str - display_name: str - status: str +class ConnectionImplicitRoleAssignment(pydantic.BaseModel): + role_id: str class DeleteConnectionRequestOptions(pydantic.BaseModel): @@ -66,6 +61,24 @@ def add_headers(self, headers: Dict[str, str]) -> Dict[str, str]: return headers +class GroupImplicitRoleAssignment(pydantic.BaseModel): + role_id: str + group: str + + +class Connection(pydantic.BaseModel): + organization_id: str + connection_id: str + external_organization_id: str + external_connection_id: str + display_name: str + status: str + external_connection_implicit_role_assignments: List[ + ConnectionImplicitRoleAssignment + ] + external_group_implicit_role_assignments: List[GroupImplicitRoleAssignment] + + class OIDCConnection(pydantic.BaseModel): organization_id: str connection_id: str diff --git a/stytch/version.py b/stytch/version.py index 043983b..427ec25 100644 --- a/stytch/version.py +++ b/stytch/version.py @@ -1 +1 @@ -__version__ = "11.4.1" +__version__ = "11.5.0"